Safeguard.sh
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (1954)AI Security (294)DevSecOps (153)Open Source Security (132)Best Practices (126)Vulnerability Analysis (98)Incident Analysis (83)Industry Analysis (80)Application Security (73)Compliance (68)Container Security (64)Software Supply Chain Security (51)Vulnerability Management (47)Regulatory Compliance (42)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)Cloud Security (35)SBOM (34)Supply Chain Security (25)Ransomware (21)Infrastructure Security (20)SBOM & Compliance (19)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Product Launch (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Frameworks (1)Product Update (1)Standards (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
DevSecOps

Snyk vs Dependabot: A Head-to-Head Comparison

Evaluate Snyk and Dependabot on vulnerability detection, ecosystem coverage, CI integration, pricing, and remediation to pick the right SCA tool for your team.

Jun 14, 20235 min read
Container Security

Container Base Image Selection: A Security-First Decision Framework

Your base image choice determines your container security baseline. Most teams pick based on size or familiarity, not security properties.

Jun 12, 20236 min read
Vulnerability Analysis

FortiGate CVE-2023-27997: Critical Heap Overflow in SSL VPN

A pre-authentication heap overflow in FortiOS SSL VPN allowed remote code execution on hundreds of thousands of internet-facing firewalls.

Jun 12, 20236 min read
Developer Security

JetBrains Plugin Security Verification: Protecting Your IDE

IDE plugins run with the same privileges as your IDE. A malicious IntelliJ plugin has access to your source code, credentials, and development environment.

Jun 12, 20235 min read
Tool Reviews

JFrog Xray: Vulnerability Scanning Built Into Your Artifact Pipeline

A review of JFrog Xray for vulnerability scanning and license compliance, covering its deep integration with Artifactory, impact analysis, and binary-level scanning.

Jun 12, 20235 min read
Incident Response

MOVEit Breach Impact Assessment: The Cl0p Campaign's Fallout

The MOVEit breach became one of the largest data theft incidents in history. Here's an assessment of the damage and what organizations should learn.

Jun 10, 20237 min read
Compliance

SWIFT CSCF: Software Security Requirements for Financial Messaging

SWIFT's Customer Security Controls Framework sets mandatory security baselines for financial institutions. Here's the software supply chain angle.

Jun 10, 20236 min read
Case Studies

Spotify's Dependency Management at Scale

Inside Spotify's approach to managing thousands of dependencies across hundreds of microservices, balancing developer autonomy with supply chain security.

Jun 10, 20237 min read
Security Strategy

Vendor Lock-In in Security Tooling: The Hidden Cost of Integration

Deep integration with a security vendor creates efficiency but also dependency. Here is how to evaluate lock-in risk in your security tooling decisions.

Jun 8, 20234 min read
Page 163 of 218

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard.sh — Software Supply Chain Security Insights